Month: May 2020

May 16, 2020

ICS SCADA Use cases

Attacks related to Industrial Control Systems are complex. There is an urgent need to share information, get support for incident analysis and mitigation, and coordinate messaging for incidents that require communication with customers and the public.

May 13, 2020

Playbook for WordPress-related attacks

Several cybersecurity firms specialized in WordPress security products — such as Wordfence, WebARX, and NinTechNet — have reported on an ever-increasing number of attacks on WordPress sites. How do we contain the attacks?

May 10, 2020

Playbook for RDP scanning

Remote Desktop Protocol (RDP) provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Microsoft RDP includes the following features and capabilities: encryption, bandwidth reduction features, roaming disconnect, clipboard mapping, print redirection, virtual channels, remote control, and network load balancing.

Technical Details […]

May 8, 2020

Playbook for attack on Salt servers

The hackers use CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal) to take control of the Salt master server.

Mitigations

Consider taking down the related servers to investigate the incident and patch vulnerable servers. Patches for the Salt vulnerabilities were released earlier this week. Salt servers should normally be deployed behind a firewall and not left exposed on the internet. SaltStack engineers patched these […]